Introduction
1. a) What is an octet?
A collection of eight bits.
b) What is a host?
Any device with an IP address.
c) Is a home PC connected to the Internet a host?
Yes
d) Distinguish between the terms internet and Internet.
When the term is spelled with a lower-case “i,” it refers to any internet or the internet layer. When it is spelled with an upper-case “I,” it refers to the global Internet.
A Sampling of Networks
A Simple Home Network
2. a) What are the functions of an access router? Explain each function in one sentence.
It is a switch, a wireless access point (sometimes), a router to connect the firm to the Internet, a DHCP server, and a NAT provider.
b) Describe the technology of 4-pair UTP wiring.
A UTP cord contains eight copper wires organized as four pairs. The two wires of each pair are twisted around each other several times an inch to reduce interference.
c) What is an Internet access line?
A transmission line that connects a home or business to its Internet service provider.
d) What is a broadband modem?
A broadband modem transmits signals over a broadband access line.
e) Why is wireless transmission dangerous?
Eavesdroppers can intercept wireless transmissions.
A Building LAN
3. a) What is a local area network?
A LAN is a network that operates on the customer premises.
b) What is the customer premises?
The land and buildings owned by the corporations.
c) Distinguish between workgroup switches and core switches.
Workgroup switches connect users to the network. Core switches connect switches to other switches.
d) Why is UTP dangerous?
It is easy to tap and generates signals that can be picked up even without tapping the UTP cord.
e) Why is 802.1X needed?
Most switches today have 802.1X capability that requires any device connecting to a wall jack to authenticate itself before being allowed to transmit beyond the switch.
A Firm’s Wide Area Networks (WANs)
4. a) Distinguish between LANs and WANs.
LANs operate within a company’s premises. WANs connect different premises.
b) Why do companies use carriers for WAN transmission?
They lack the right of way to lay communication facilities between sites.
c) What two WAN technologies are illustrated in Figure A-4?
Point-to-point networks and public switched data networks (Frame Relay)
d) Why is carrier WAN traffic generally considered safe?
Access to the network is limited, and internal routing is hidden.
The Internet
5. a) Which organization created the Internet?
The Defense Advanced Research Projects Agency.
b) What is the function of a router?
To connect networks together.
c) Distinguish between frames and packets.
Frames are messages sent through LANs or WANs. Packets are messages sent through an internet. Packets are carried within frames.
d) If two hosts are separated by five networks, how many packets will there be along the way when a host transmits a packet to another host?
One
e) If two hosts are separated by seven networks, how many frames will there be along the way when a host transmits a packet to another host?
Five
f) Why was intranet security initially light?
It was believed that attackers would have a difficult time getting into an intranet. This belief has been called into question.
Applications
6. a) What type of applications usually generates the most traffic in an organization?
Business-specific applications.
b) Why is managing application security time-consuming?
There are many applications to protect.
Network Protocols and Vulnerabilities
Inherent Security
Security Explicitly Designed into the Standard
Security in Older Versions of the Standard
Defective Implementation
7. List the four security problems with protocols. Write one sentence describing each.
Some protocol designs are inherently insecure.
Others have had security added but have done so in an awkward way that causes problems.
Security in older versions may still be causing problems.
Defective implementation of a standard can lead to unsecure products based on secure protocols.
Core Layers in Layered Standards Architectures
8. a) What are the three core standards layers?
Single network
Internet
Application
b) Distinguish between the single-network core layer and the internet core layer.
The single-network core layer is responsible for delivering frames within LANs or WANs.
The internet core layer is responsible for delivering packets from source host to destination host across an internet.
c) At what core layer do you find LAN standards?
Single network
d) At what core layer do you find WAN standards?
Single network
e) At what core layer do you find standards for the global Internet?
Internet
Standards Architectures
9. What is a standards architecture?
A standards architecture is a broad layering plan that specifies layers. Later, standards are created for individual layers.
The TCP/IP Standards Architecture
10. a) Which organization creates Internet standards?
The Internet Engineering Task Force (IETF).
b) What is the name of its standards architecture?
TCP/IP
c) What is an RFC?
Request for Comments. It is a document with a proposed standard or other information.
d) How can you tell which RFCs are Internet Official Protocol Standards?
Periodically, the IETF issues an RFC listing Internet Official Protocol Standard.
The OSI Standards Architecture
11. a) What two standards agencies govern OSI? (Just give their acronyms.)
ISO and ITU-T.
b) Distinguish between OSI and ISO.
OSI is the architecture.
ISO is one of the two standards agencies responsible for OSI.
c) How many layers does the OSI architecture have?
Seven
d) Which of these layers are similar to the layers in TCP/IP?
Physical, data link, internet, and transport.
e) Compare the TCP/IP application layer with comparable OSI layers.
TCP/IP has a single application layer.
OSI has three standards layers: session, presentation, and application.
The Hybrid TCP/IP-OSI Architecture
12. a) What architecture do most firms actually use?
The hybrid TCP/IP-OSI architecture
b) In the hybrid TCP/IP-OSI architecture, which layers come from OSI?
Physical and data link.
d) From what standards architecture do application layer standards come?
Both OSI and TCP/IP standards are used, often in combination.
Single-Network Standards
13. What two layers define LAN and WAN standards?
Physical and data link.
The Data Link Layer
14. What is a data link?
The path a frame takes across a single network, from the source host to the destination host, across multiple switches.
The Physical Layer
15. a) Distinguish between physical links and data links.
Physical links connect adjacent devices.
Data links are paths between the source host and destination host, usually across multiple physical links.
b) What advantage of optical fiber over UTP was listed in the text?
UTP cords act like radio antennas when they carry signals, allowing people to intercept UTP signals by placing devices near (but not touching) the cord. Optical fiber requires physically tapping into the fiber cords.
c) Why is spread spectrum transmission used in wireless LANs?
To reduce transmission problems.
d) Why are switch supervisory frames needed?
They are needed to allow the network to run efficiently.
e) Why does optical fiber have better inherent security than UTP?
Optical fiber signals cannot be read without physically tapping the fiber cord. UTP signals can be read without tapping the cord.
f) What dangers does radio create?
Radio signals can be intercepted easily.
g) Does spread spectrum transmission in commercial wireless LANs provide security?
No
h) Why is the 802.1AE standard necessary?
The 802.1AE LAN security standard is designed to limit switch-to-switch communication to authenticated switches, thus preventing attacks based on impersonating switches.
Internetworking Standards
16. a) Why was IP made to be a very simple standard?
The standards developers could not assume much functionality in the individual networks through which IP packets would travel.
b) Why was complexity needed in the TCP standard?
To add error correction and other desirable features that IP did not offer.
The Internet Protocol (IP)
The IP Version 4 Packet
The First Row
The Second Row
The Third Row
Options
17. a) If the header length field’s value is 6 and the total length field’s value is 50, how long is the data field? Show your work.
Header is 6 x 4 = 24 octets
Total length = 50 octets
Data field = 50 - 24 = 26 octets
b) What is the general function of the second row in the IPv4 header?
To handle fragmentation and reassembly.
c) Why is a TTL field needed?
So that misaddressed packets will not circulate endlessly.
d) If a router receives a packet with a TTL value of 1, what will it do?
It decreases the TTL value to 0 and then drops the packet.
e) What does the protocol field in the IP header tell the destination host?
What is in the data field.
f) How is the header checksum field used?
To determine if there is a header error that might cause routing problems.
If an error is found, the router or destination host drops the packet.
g) Are IPv4 options used frequently?
No
h) Why is fragmentation a threat indication?
It is used by hackers so that firewalls cannot see entire packets.
i) How can attackers use the TTL field to map a network?
The attacker keeps sending packets to an IP destination address.
In each successive packet, the TTL field is increased by one.
The router that decrements the TTL value to zero and drops the packet sends the attacker an ICMP message that contains the router’s IP address.
Each packet reveals one more router along the route to the destination host.
Doing this with different destination hosts will map a good deal of the network.
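The header arithmetic in question 17 as an added, runnable example (not from the original text): it parses a constructed IPv4 header with header length 6 and total length 50, recomputes the header checksum, and flags fragments and options. Field layout follows RFC 791; the sample addresses and option bytes are made up.

```python
"""Parse the first three rows of an IPv4 header and verify its checksum.

Added example, not from the original text. The packet built below is
constructed to match question 17a: IHL = 6 (a 24-octet header with one
4-octet option word) and total length = 50, so the data field is 26 octets.
"""
import struct


def ipv4_header_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum of 16-bit words, checksum field already zeroed."""
    if len(header) % 2:
        header += b"\x00"
    total = 0
    for i in range(0, len(header), 2):
        total += (header[i] << 8) | header[i + 1]
    while total >> 16:  # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_header(packet: bytes) -> dict:
    """Return the fields a router, firewall or host checks before touching the data field."""
    if len(packet) < 20:
        raise ValueError("truncated: an IPv4 header is at least 20 octets")
    version_ihl, _tos, total_length, _ident, flags_frag, ttl, proto, csum = struct.unpack(
        "!BBHHHBBH", packet[:12]
    )
    version = version_ihl >> 4
    ihl = version_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    header_len = ihl * 4  # header length field counts 32-bit words (question 17a)
    if header_len < 20 or len(packet) < header_len:
        raise ValueError("bad header length")
    if total_length < header_len or total_length > len(packet):
        raise ValueError("total length inconsistent with header or packet size")
    # Question 17f: recompute the checksum with the checksum field zeroed.
    zeroed = packet[:10] + b"\x00\x00" + packet[12:header_len]
    checksum_ok = ipv4_header_checksum(zeroed) == csum
    flags = flags_frag >> 13
    frag_offset = flags_frag & 0x1FFF
    more_fragments = bool(flags & 0b001)
    return {
        "ihl": ihl,
        "header_len": header_len,
        "total_length": total_length,
        "data_len": total_length - header_len,          # question 17a
        "ttl": ttl,                                      # question 17c/d
        "protocol": proto,                               # question 17e
        "checksum_ok": checksum_ok,                      # question 17f
        "options_present": ihl > 5,                      # question 17g
        "dont_fragment": bool(flags & 0b010),
        "is_fragment": more_fragments or frag_offset != 0,  # question 17h
        "src": ".".join(str(b) for b in packet[12:16]),
        "dst": ".".join(str(b) for b in packet[16:20]),
    }


def build_sample_packet() -> bytes:
    """Construct the packet of question 17a: IHL 6, total length 50, 26 data octets."""
    ihl, total_length, ttl, proto = 6, 50, 64, 6  # proto 6 = TCP
    src, dst = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])  # constructed addresses
    option = b"\x01\x01\x01\x01"  # four NOP options pad the header to 24 octets
    no_csum = struct.pack(
        "!BBHHHBBH", (4 << 4) | ihl, 0, total_length, 0x1234, 0x4000, ttl, proto, 0
    ) + src + dst + option
    csum = ipv4_header_checksum(no_csum)
    header = no_csum[:10] + struct.pack("!H", csum) + no_csum[12:]
    return header + bytes(total_length - len(header))  # 26 zero data octets


if __name__ == "__main__":
    fields = parse_ipv4_header(build_sample_packet())
    print(f"header {fields['header_len']} octets, data {fields['data_len']} octets, "
          f"checksum ok: {fields['checksum_ok']}")
```

Flipping any header byte (for example the TTL) makes `checksum_ok` false, which is exactly the condition on which a router or destination host drops the packet.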
The Source and Destination IP Addresses
Masks
IP Version 6
18. a) How long are traditional IP addresses?
32 bits long.
b) What are the three parts of an IP address?
Network part, subnet part, and host part.
c) Why are masks needed?
To identify the size of the network part or network and subnet parts.
d) What is the main advantage of IPv6?
It will support many more possible IP addresses.
IPsec
19. a) In what sense is IPsec a general protection strategy for all internet, transport, and application protocols?
It provides transparent protection to everything in the packet’s data field. This definitely includes the transport and application protocols. It may include the entire IP packet.
b) Does IPsec work with IPv4, IPv6, or both?
Both
c) Compare IPsec transport mode and tunnel mode.
In transport mode, there is protection all the way from the source host to the destination host. In tunnel mode, there is only protection between sites and none within sites. Transport mode gives stronger protection but is much more expensive to implement. In addition, firewalls cannot easily filter transport mode traffic, which is unreadable unless the firewall has the decryption key for the communication.
The Transmission Control Protocol (TCP)
20. a) How many TCP/IP transport layer protocols are there?
Two—TCP and UDP.
b) What is a TCP message called?
TCP segments.
TCP: A Connection-Oriented and Reliable Protocol
21. a) Describe a TCP session opening.
One side sends a TCP SYN segment to indicate that it wishes to open a connection.
The other side sends back a TCP SYN/ACK segment to indicate its willingness.
The original side sends an ACK to acknowledge the receipt of the SYN/ACK.
b) Describe a normal TCP closing.
One side sends a TCP FIN segment.
The other side sends an ACK.
The other side may continue to send content segments.
The original side will continue to respond to ACKs.
Later, the other side sends a TCP FIN segment.
The original side sends a TCP ACK.
c) Describe an abrupt TCP closing.
One side sends a TCP RST segment.
There is no acknowledgement or any other further communication.
d) Describe how reliability is implemented in TCP.
If a TCP process on the destination host correctly receives a TCP segment, it sends an acknowledgement to the sender.
If the original sender does not receive an ACK promptly, it retransmits the segment.
e) Describe a TCP half-open DoS attack.
The attacker sends a SYN segment.
The victim sends a SYN/ACK and sets aside resources for the connection.
The attacker never sends the final ACK. The victim continues to reserve the resources for the connection.
The attacker continues to send SYNs to tie up more resources.
f) What information does a RST segment give an attacker?
The RST segment is carried within an IP packet. Therefore, the attacker learns the IP address of the host sending the RST.
Flag Fields
22. a) What is a flag field?
A one-bit field.
b) What does it mean to say that a flag field is set?
Its value is equal to one.
Sequence Number Field
23. a) A TCP segment carries octets 23,802 through 23,875. What is its sequence number?
23,802
b) The next segment is a FIN segment that carries no data. What is its sequence number?
23,803
c) What does an attacker have to predict to be able to do TCP session hijacking?
The sequence number of the next TCP segment to be sent.
Acknowledgment Number Field
24. A TCP segment carries octets 23,802 through 23,875. What will be the acknowledgement number in the TCP segment that acknowledges this segment?
23,876.
Window Field
Options
25. a) What is the purpose of the TCP window field?
To limit the transmission rate of the other host in the connection.
b) How does the window field automatically control congestion?
The window size begins small to avoid congestion.
If a segment is lost (probably due to congestion), the window size is again set to a small value.
c) Does TCP use options frequently?
Yes.
Port Numbers
26. a) A packet has the source socket 1.2.3.4:47 and the destination socket 10.18.45.123:4400. Is the source host a client or a server? Explain.
The source port number is 47. This is a well-known port number. Therefore, the source host is a server.
b) Is the destination host a client or a server? Explain.
The destination port number is 4400. This is an ephemeral port number, so the destination host is a client.
c) A server sends a packet with the source socket 60.32.1.79:25. What kind of server is it? Explain.
It uses the well-known port number, which indicates that it is a mail server.
d) What is socket spoofing?
Sending a packet with a false IP address and port number.
TCP Security
27. a) Does TCP have comprehensive security comparable with IPsec for IP?
No
b) Why is a lack of an automatic key exchange a problem for TCP electronic signatures?
There is none.
The User Datagram Protocol
28. a) What is the attraction of UDP?
It places a small load on the hosts and the network.
b) What kinds of applications specify the use of UDP at the transport layer?
Those that do not need reliability and those that cannot wait for retransmissions of lost or damaged messages.
c) Why is UDP more dangerous than TCP?
TCP’s sequence numbers make TCP session hijacking very difficult. UDP lacks this protection.
TCP/IP Supervisory Standards
Internet Control Message Protocol (ICMP)
29. a) What is the TCP/IP internet layer supervisory protocol?
The Internet Control Message Protocol (ICMP).
b) Describe ping.
One side sends an ICMP echo message.
The other side sends back an ICMP echo reply message.
c) Describe ICMP error messages.
When a router or destination host must drop a packet, it sends back an ICMP error message.
d) What information does ping give an attacker?
The fact that there is a host at a given IP address.
e) What information does tracert give an attacker?
The route a packet takes to a destination host.
f) What information does an ICMP error message give an attacker?
The IP address of the host sending the error message.
The Domain Name System (DNS)
30. a) Why would a host contact a DNS server?
To learn the IP address of a host to which it wants to send packets.
b) If a local DNS server does not know the IP address for a host name, what will it do?
It will contact one or more other DNS servers.
c) What kind of organization must maintain one or more DNS servers?
An organization with a second-level domain name.
d) What is DNS cache poisoning?
An attacker replaces the IP address of a host name with another IP address.
e) Describe the status of DNSSEC.
It is under development.
f) Why are root servers attacked?
If most or all root servers were taken down, the effectiveness of the DNS system would begin to degrade.
Dynamic Host Configuration Protocol (DHCP)
31. a) What kind of IP addresses do servers get?
Static IP addresses.
b) Why are DHCP servers used?
To give IP addresses to clients.
c) Will a PC get the same dynamic IP address each time it uses the Internet?
Not necessarily.
d) Both DHCP servers and DNS servers give IP addresses. How do these IP addresses differ?
DHCP servers give a host an IP address for the host to use.
DNS servers give a host the IP address of a host to which the original host wishes to send packets.
Dynamic Routing Protocols
32. a) Why are dynamic routing protocols needed?
So that routers can get information for their routing tables.
b) What is the main TCP/IP interior dynamic routing protocol for large networks?
OSPF
c) What is the main TCP/IP exterior dynamic routing protocol?
BGP
d) Why is Cisco’s EIGRP attractive?
It is not limited to TCP/IP routing.
e) Is a company free to select its interior dynamic routing protocol, exterior dynamic routing protocol, or both?
Only its internal dynamic routing protocol.
f) How could an attacker use dynamic routing protocols to attack a network?
It could send false routing information to the network’s routers.
Simple Network Management Protocol (SNMP)
33. a) What is the purpose of SNMP?
To get configuration information from managed devices on the network and to change the configuration of managed devices.
b) Distinguish between the SNMP GET and SET commands.
GET asks for configuration information.
SET tells the managed device to change its configuration.
c) Why do many organizations disable the SET command?
SET is dangerous in terms of what it allows an attacker using SET to do.
Application Standards
34. a) Why are there usually two protocols for each application?
Application protocols need a protocol for message delivery and a protocol for message format.
b) In e-mail, distinguish between SMTP and POP.
SMTP is used to send messages.
POP is used to download mail from a mail server.
c) Why are Telnet and FTP dangerous?
They have no security, sending passwords in the clear.
d) What secure protocol can be used instead of Telnet and FTP?
SSH (Secure Shell)
e) What is the security standards situation in e-mail?
There is no consensus on e-mail security standards, so the standards are not widely used.
1. a) What is an octet?
A collection of eight bits.
b) What is a host?
Any device with an IP address.
c) Is a home PC connected to the Internet a host?
Yes
d) Distinguish between the terms internet and Internet.
When the term is spelled with a lower-case “i,” it refers to any internet or the internet layer. When it is spelled with an upper-case “I,” it refers to the global Internet.
A Sampling of Networks
A Simple Home Network
2. a) What are the functions of an access router? Explain each function in one sentence.
It is a switch, a wireless access point (sometimes), a router to connect the firm to the Internet, a DHCP server, and a NAT provider.
b) Describe the technology of 4-pair UTP wiring.
A UTP cord contains eight copper wires organized as four pairs. The two wires of each pair are twisted around each other several times an inch to reduce interference.
c) What is an Internet access line?
A transmission line that connects a home or business to its Internet service provider.
d) What is a broadband modem?
A broadband modem transmits signals over a broadband access line.
e) Why is wireless transmission dangerous?
Eavesdroppers can intercept wireless transmissions.
A Building LAN
3. a) What is a local area network?
A LAN is a network that operates on the customer premises.
b) What is the customer premises?
The land and buildings owned by the corporations.
c) Distinguish between workgroup switches and core switches.
Workgroup switches connect users to the network. Core switches connect switches to other switches.
d) Why is UTP dangerous?
It is easy to tap and generates signals that can be picked up even without tapping the UTP cord.
e) Why is 802.1X needed?
Most switches today have 802.1X capability that requires any device connecting to a wall jack to authenticate itself before being allowed to transmit beyond the switch.
A Firm’s Wide Area Networks (WANs)
4. a) Distinguish between LANs and WANs.
LANs operate within a company’s premises. WANs connect different premises.
b) Why do companies use carriers for WAN transmission?
They lack the right of way to lay communication facilities between sites.
c) What two WAN technologies are illustrated in Figure A-4?
Point-to-point networks and public switched data networks (Frame Relay)
d) Why is carrier WAN traffic generally considered safe?
Access to the network is limited, and internal routing is hidden.
The Internet
5. a) Which organization created the Internet?
The Defense Advanced Research Projects Agency.
b) What is the function of a router?
To connect networks together.
c) Distinguish between frames and packets.
Frames are messages sent through LANs or WANs. Packets are messages sent through an internet. Packets are carried within frames.
d) If two hosts are separated by five networks, how many packets will there be along the way when a host transmits a packet to another host?
One
e) If two hosts are separated by seven networks, how many frames will there be along the way when a host transmits a packet to another host?
Five
f) Why was intranet security initially light?
It was believed that attackers would have a difficult time getting into an intranet. This belief has been called into question.
Applications
6. a) What type of applications usually generates the most traffic in an organization?
Business-specific applications.
b) Why is managing application security time-consuming?
There are many applications to protect.
Network Protocols and Vulnerabilities
Inherent Security
Security Explicitly Designed into the Standard
Security in Older Versions of the Standard
Defective Implementation
7. List the four security problems with protocols. Write one sentence describing each.
Some protocol designs are inherently insecure.
Others have had security added but have done so in an awkward way that causes problems.
Security in older versions may still be causing problems.
Defective implementation of a standard can lead to unsecure products based on secure protocols.
Core Layers in Layered Standards Architectures
8. a) What are the three core standards layers?
Single network
Internet
Application
b) Distinguish between the single-network core layer and the internet core layer.
The single-network core layer is responsible for delivering frames within LANs or WANs.
The internet core layer is responsible for delivering packets from source host to destination host across an internet.
c) At what core layer do you find LAN standards?
Single network
d) At what core layer do you find WAN standards?
Single network
e) At what core layer do you find standards for the global Internet?
Internet
Standards Architectures
9. What is a standards architecture?
A standards architecture is a broad layering plan that specifies layers. Later, standards are created for individual layers.
The TCP/IP Standards Architecture
10. a) Which organization creates Internet standards?
The Internet Engineering Task Force (IETF).
b) What is the name of its standards architecture?
TCP/IP
c) What is an RFC?
Request for Comments. It is a document with a proposed standard or other information.
d) How can you tell which RFCs are Internet Official Protocol Standards?
Periodically, the IETF issues an RFC listing Internet Official Protocol Standard.
The OSI Standards Architecture
11. a) What two standards agencies govern OSI? (Just give their acronyms.)
ISO and ITU-T.
b) Distinguish between OSI and ISO.
OSI is the architecture.
ISO is one of the two standards agencies responsible for OSI.
c) How many layers does the OSI architecture have?
Seven
d) Which of these layers are similar to the layers in TCP/IP?
Physical, data link, internet, and transport.
e) Compare the TCP/IP application layer with comparable OSI layers.
TCP/IP has a single application layer.
OSI has three standards layer: session, presentation, and application.
The Hybrid TCP/IP-OSI Architecture
12. a) What architecture do most firms actually use?
The hybrid TCP/IP-OSI architecture
b) In the hybrid TCP/IP-OSI architecture, which layers come from OSI?
Physical and data link.
d) From what standards architecture do application layer standards come?
Both OSI and TCP/IP standards are used, often in combination.
Single-Network Standards
13. What two layers define LAN and WAN standards?
Physical and data link.
The Data Link Layer
14. What is a data link?
The path a frame takes across a single network, from the source host to the destination host, across multiple switches.
The Physical Layer
15. a) Distinguish between physical links and data links.
Physical links connect adjacent devices.
Data links are paths between the source host and destination host, usually across multiple physical links.
b) What advantage of optical fiber over UTP was listed in the text?
UTP cords act like radio antennas when they carry signals, allowing people to intercept UTP signals by placing devices near (but not touching) the cord. Optical fiber requires physically tapping into the fiber cords.
c) Why is spread spectrum transmission used in wireless LANs?
To reduce transmission problems.
d) Why are switch supervisory frames needed?
They are needed to allow the network to run efficiently.
e) Why does optical fiber have better inherent security than UTP?
Optical fiber signals cannot be read without physically tapping the fiber cord. UTP signals can be read without tapping the cord.
f) What dangers does radio create?
Radio signals can be intercepted easily.
g) Does spread spectrum transmission in commercial wireless LANs provide security?
No
h) Why is the 802.1AE standard necessary?
The 802.1AE LAN security standard is designed to limit switch-to-switch communication to authenticated switches, thus preventing attacks based on impersonating switches
Internetworking Standards
16. a) Why was IP made to be a very simple standard?
The standards developers could not assume much functionality in the individual networks through which IP packets would travel.
b) Why was complexity needed in the TCP standard?
To add error correction and other desirable features that IP did not offer.
The Internet Protocol (IP)
The IP Version 4 Packet
The First Row
The Second Row
The Third Row
Options
17. a) If the header length field’s value is 6 and the total length field’s value is 50, how long is the data field? Show your work.
Header is 6 x 4 = 24 octets
Total length = 50 octets
Data field = 50 – 24 = 26 octets
b) What is the general function of the second row in the IPv4 header?
To handle fragmentation and reassembly.
c) Why is a TTL field needed?
So that misaddressed packets will not circulate endlessly.
d) If a router receives a packet with a TTL value of 1, what will it do?
It decreases the TTL value to 0 and then drops the packet.
e) What does the protocol field in the IP header tell the destination host?
What is in the data field.
f) How is the header checksum field used?
To determine if there is a header error that might cause routing problems.
If an error is found, the router or destination host drops the packet.
g) Are IPv4 options used frequently?
No
h) Why is fragmentation a threat indication?
It is used by hackers so that firewalls cannot see entire packets.
i) How can attackers use the TTL field to map a network?
The attacker keeps sending packets to an IP destination address.
In each successive packet, the TTL field is increased by one.
The router that sets the TTL value to zero and drops the packet, it sends the attacker an ICMP message that contains the router’s IP address.
Each packet reveals one more router along the route to the destination host.
Doing this with different destination hosts will map a good deal of the network.
The Source and Destination IP Addresses
Masks
IP Version 6
18. a) How long are traditional IP addresses?
32 bits long.
b) What are the three parts of an IP address?
Network part, subnet part, and host part.
c) Why are masks needed?
To identify the size of the network part or network and subnet parts.
d) What is the main advantage of IPv6?
It will support many more possible IP addresses.
IPsec
19. a) In what sense is IPsec a general protection strategy for all internet, transport, and application protocols?
It provides transparent protection to everything in the packet’s data field. This definitely includes the transport and application protocols. It may include the entire IP packet.
b) Does IPsec work with IPv4, IPv6, or both?
Both
c) Compare IPsec transport mode and tunnel mode.
In transport mode, there is protection all the way from the source host to the destination host. In tunnel mode, there is only protection between sites and none within sites. Transport mode gives stronger protection but is much more expensive to implement. In addition, firewalls cannot easily filter transport mode traffic, which is unreadable unless the firewall has the decryption key for the communication.
The Transmission Control Protocol (TCP)
20. a) How many TCP/IP transport layer protocols are there?
Two—TCP and UDP.
b) What is a TCP message called?
TCP segments.
TCP: A Connection-Oriented and Reliable Protocol
21. a) Describe a TCP session opening.
One side sends a TCP SYN segment to indicate that it wishes to open a connection.
The other side sends back a TCP SYN/ACK segment to indicate its willingness.
The original side sends an ACK to acknowledge the receipt of the SYN/ACK.
b) Describe a normal TCP closing.
One side sends and TCP FIN segment.
The other side sends an ACK.
The other side may continue to send content segments.
The original side will continue to respond to ACKs.
Later, the other side sends a TCP FIN segment
The original side sends a TCP ACK.
c) Describe an abrupt TCP closing.
One side sends a TCP RST segment.
There is no acknowledgement or any other further communication.
d) Describe how reliability is implemented in TCP.
If a TCP process on the destination host correctly receives a TCP segment, it sends an acknowledgement to the sender.
If the original sender does not receive an ACK promptly, it retransmits the segment.
e) Describe a TCP half-open DoS attack.
The attacker sends a SYN segment.
The victim sends a SYN/ACK and sets aside resources for the connection.
The attacker never sends the final ACK. The victim continues to reserve the resources for the connection.
The attacker continues to send SYNs to tie up more resources.
f) What information does a RST segment give an attacker?
The RST segment is carried within an IP packet. Therefore, the attacker learns the IP address of the host sending the RST.
Flag Fields
22. a) What is a flag field?
A one-bit field.
b) What does it mean to say that a flag field is set?
Its value is equal to one.
Sequence Number Field
23. a) A TCP segment carries octets 23,802 through 23,875. What is its sequence number?
23,802
b) The next segment is a FIN segment that carries no data. What is its sequence number?
23,803
c) What does an attacker have to predict to be able to do TCP session hijacking?
The sequence number of the next TCP segment to be sent.
Acknowledgment Number Field
24. A TCP segment carries octets 23,802 through 23,875. What will be the acknowledgement number in the TCP segment that acknowledges this segment?
23,876.
Window Field
Options
25. a) What is the purpose of the TCP window field?
To limit the transmission rate of the other host in the connection.
b) How does the window field automatically control congestion?
The window size begins small to avoid congestion.
If a segment is lost (probably due to congestion), the window size is again set to a small value.
c) Does TCP use options frequently?
Yes.
Port Numbers
26. a) A packet has the source socket 1.2.3.4:47 and the destination socket 10.18.45.123:4400. Is the source host a client or a server? Explain.
The source port number is 47. This is a well-known port number. Therefore, the source host is a server.
b) Is the destination host a client or a server? Explain.
The destination port number is 4400. This is an ephemeral port number, so the destination host is a client.
c) A server sends a packet with the source socket 60.32.1.79:25. What kind of server is it? Explain.
It uses the well-known port number, which indicates that it is a mail server.
d) What is socket spoofing?
Sending a packet with a false IP address and port number.
TCP Security
27. a) Does TCP have comprehensive security comparable with IPsec for IP?
No.
b) Why is a lack of an automatic key exchange a problem for TCP electronic signatures?
There is none.
The User Datagram Protocol
28. a) What is the attraction of UDP?
It places a small load on the hosts and the network.
b) What kinds of applications specify the use of UDP at the transport layer?
Those that do not need reliability and those that cannot wait for retransmissions of lost or damaged messages.
c) Why is UDP more dangerous than TCP?
TCP’s sequence numbers make TCP session hijacking very difficult. UDP lacks this protection.
TCP/IP Supervisory Standards
Internet Control Message Protocol (ICMP)
29. a) What is the TCP/IP internet layer supervisory protocol?
The Internet Control Message Protocol (ICMP).
b) Describe ping.
One side sends an ICMP echo message.
The other side sends back an ICMP echo reply message.
c) Describe ICMP error messages.
When a router or destination host must drop a packet, it sends back an ICMP error message.
d) What information does ping give an attacker?
The fact that there is a host at a given IP address.
e) What information does tracert give an attacker?
The route a packet takes to a destination host.
f) What information does an ICMP error message give an attacker?
The IP address of the host sending the error message.
The Domain Name System (DNS)
30. a) Why would a host contact a DNS server?
To learn the IP address of a host to which it wants to send packets.
b) If a local DNS server does not know the IP address for a host name, what will it do?
It will contact one or more other DNS servers.
c) What kind of organization must maintain one or more DNS servers?
An organization with a second-level domain name.
d) What is DNS cache poisoning?
An attacker replaces the IP address of a host name with another IP address.
e) Describe the status of DNSSEC.
It is under development.
f) Why are root servers attacked?
If most or all root servers were taken down, the effectiveness of the DNS system would begin to degrade.
Dynamic Host Configuration Protocol (DHCP)
31. a) What kind of IP addresses do servers get?
Static IP addresses.
b) Why are DHCP servers used?
To give IP addresses to clients.
c) Will a PC get the same dynamic IP address each time it uses the Internet?
Not necessarily.
d) Both DHCP servers and DNS servers give IP addresses. How do these IP addresses differ?
DHCP servers give a host an IP address for the host to use.
DNS servers give a host the IP address of a host to which the original host wishes to send packets.
Dynamic Routing Protocols
32. a) Why are dynamic routing protocols needed?
So that routers can get information for their routing tables.
b) What is the main TCP/IP interior dynamic routing protocol for large networks?
OSPF
c) What is the main TCP/IP exterior dynamic routing protocol?
BGP
d) Why is Cisco’s EIGRP attractive?
It is not limited to TCP/IP routing.
e) Is a company free to select its interior dynamic routing protocol, exterior dynamic routing protocol, or both?
Only its internal dynamic routing protocol.
f) How could an attacker use dynamic routing protocols to attack a network?
The attacker could send false routing information to the network’s routers.
Simple Network Management Protocol (SNMP)
33. a) What is the purpose of SNMP?
To get configuration information from managed devices on the network and to change the configuration of managed devices.
b) Distinguish between the SNMP GET and SET commands.
GET asks for configuration information.
SET tells the managed device to change its configuration.
c) Why do many organizations disable the SET command?
SET is dangerous because of what it would allow an attacker who can issue SET commands to do.
Application Standards
34. a) Why are there usually two protocols for each application?
Application protocols need a protocol for message delivery and a protocol for message format.
b) In e-mail, distinguish between SMTP and POP.
SMTP is used to send messages.
POP is used to download mail from a mail server.
c) Why are Telnet and FTP dangerous?
They have no security, sending passwords in the clear.
d) What secure protocol can be used instead of Telnet and FTP?
SSH (Secure Shell)
e) What is the security standards situation in e-mail?
There is no consensus on e-mail security standards, so the standards are not widely used.